On 04.10.2014 at 03:34, Tim Dunphy wrote:
Hey all,
I noticed that my puppet server running CentOS 6.5 was acting a little
pokey.
So I logged in and did what well just about anyone would've done. And ran
the uptime command to have a look at the load. And it was astonishingly
high!
[root@puppet:~] #uptime
21:28:01 up 1:26, 3 users, load average: 107.37, 72.06, 75.52
So then I had a look at top and saw a LOT of processes by the name of
smartvd.
7332 root 20 0 423m 1808 0 S 5.6 0.1 0:49.30 smarvtd
5469 root 20 0 423m 1804 0 S 4.6 0.1 0:49.55 smarvtd
2042 root 20 0 423m 1804 0 S 3.7 0.1 0:49.66 smarvtd
2421 root 20 0 423m 1808 0 S 3.7 0.1 0:47.62 smarvtd
3081 root 20 0 423m 1808 0 S 3.7 0.1 0:47.08 smarvtd
3366 root 20 0 423m 1804 0 S 3.7 0.1 0:47.87 smarvtd
3568 root 20 0 423m 1808 0 S 3.7 0.1 0:48.94 smarvtd
3971 root 20 0 423m 1812 0 S 3.7 0.1 0:49.18 smarvtd
4264 root 20 0 423m 1812 0 S 3.7 0.1 0:48.33 smarvtd
4585 root 20 0 423m 1812 0 S 3.7 0.1 0:48.44 smarvtd
5277 root 20 0 423m 1808 0 S 3.7 0.1 0:48.13 smarvtd
6160 root 20 0 423m 1812 0 S 3.7 0.1 0:49.33 smarvtd
6441 root 20 0 423m 1808 0 S 3.7 0.1 0:48.17 smarvtd
6746 root 20 0 423m 1804 0 S 3.7 0.1 0:49.60 smarvtd
7612 root 20 0 423m 1812 0 S 3.7 0.1 0:48.97 smarvtd
7919 root 20 0 423m 1808 0 S 3.7 0.1 0:47.33 smarvtd
8202 root 20 0 423m 1812 0 S 3.7 0.1 0:49.67 smarvtd
26526 root 20 0 423m 1812 0 S 3.7 0.1 1:22.17 whitptabil
2747 root 20 0 423m 1812 0 S 2.8 0.1 0:48.41 smarvtd
4952 root 20 0 423m 1812 0 S 2.8 0.1 0:48.43 smarvtd
5878 root 20 0 423m 1808 0 S 2.8 0.1 0:48.02 smarvtd
7048 root 20 0 423m 1808 0 S 2.8 0.1 0:48.51 smarvtd
So my question to you is what the HELL is smartvd ? Seems like a virus to
me. And of course how do I get rid of it?
Also curious what whitptabil is and how to get rid of it.
[ ... ]
Really really curious here, guys. What do y'all think???
Thanks
Tim
Take the system off. Save the content for later forensics and then
reinstall the system from scratch. What's running is malware:
http://v.virscan.org/Backdoor.Linux.Mayday.f.html
It is typical for such backdoors to camouflage as programs with a known
name: whitptabil versus whiptail and smarvtd versus smartd.
Alexander
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
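
The name camouflage described in the reply (smarvtd versus smartd, whitptabil versus whiptail) can be checked for mechanically. The following is an added example, not part of the original thread: it flags process names in top output that are close to, but not equal to, a known program name. The KNOWN allowlist and the distance threshold are assumptions; the first two sample rows are copied from the top output in the post and the rest are constructed.

```python
# Hypothetical allowlist of program names expected on this host (assumption).
KNOWN = {"smartd", "whiptail", "sshd", "crond", "puppet", "rsyslogd"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def lookalikes(top_lines, known=KNOWN, max_dist=2):
    """Map each near-miss command name to (closest known name, distance)."""
    hits = {}
    for line in top_lines:
        fields = line.split()
        # A top process row has 12 columns: PID ... TIME+ COMMAND.
        if len(fields) < 12 or not fields[0].isdigit():
            continue
        cmd = fields[11]
        if cmd in known or cmd in hits:
            continue  # exact matches are expected; report each name once
        best = min(known, key=lambda k: (osa_distance(cmd, k), k))
        dist = osa_distance(cmd, best)
        if dist <= max_dist:
            hits[cmd] = (best, dist)
    return hits

SAMPLE = [
    "7332 root 20 0 423m 1808 0 S 5.6 0.1 0:49.30 smarvtd",      # from the post
    "26526 root 20 0 423m 1812 0 S 3.7 0.1 1:22.17 whitptabil",  # from the post
    "1203 root 20 0 64m 1200 900 S 0.0 0.1 0:00.10 sshd",        # constructed
    "1310 root 20 0 110m 1400 800 S 0.0 0.1 0:00.42 crond",      # constructed
    "1999 root 20 0 15m 1300 900 R 0.3 0.1 0:00.05 top",         # constructed
]

if __name__ == "__main__":
    for name, (real, dist) in lookalikes(SAMPLE).items():
        print(f"{name}: resembles {real} (distance {dist})")
```

A hit is only a lead for triage: a process name can be set freely by the program itself, so confirm against the binary on disk (for example via /proc/PID/exe and the package database) before drawing conclusions.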